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A system is provided 
for retrieving .secured elec- 
tronic information stored in 
at least one storage device 
(44), where each storage de- 
vice, such as a CD-ROM, is 
at least partially encrypted 
and is coupled to a user sta- 
tion. Each user station (40) 
has a processor responsive 
to a data file system and to 
a separate application pro- 
gram. The data file sys- 
tem includes at least one 
database file, each compris- 
ing data corresponding to 
a respective software prod- 
uct. The processor that is 
responsive to the applica- 

Uon product receives the data from the database file that corresponds to a user selected software product, requests (36) a decryption 
key from a remote network server based at least on the user selected software product data from the database files, and processes the 
requested decryption key that is selectively received from the server for decrypting the selected software product from the storage device. 
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SECURED ELECTRONIC INFORMATION DELIVERY SYSTEM 

HAVING SEPARATE DATA MANAGEMENT 

o — — . » ■ 

Related Applications 

U.S. Patent Application Serial Number 08/731,185, entitled "Secured 
Electronic Information Delivery System Having a Metering Device," was filed on 

1 0 October 11,1 996 for Daniel J. Barthel et al. and U.S. Patent Application Serial 
Number 08/720,968, entitled "Secured Electronic Information Delivery System 
Having a Three-Tier Structure," was filed on October 11, 1996 for Daniel J. 
Barthel et al. The above-noted applications are assigned to the assignee of this 
application. The contents of the above-noted applications are relevant to the 

1 5 subject matter of this application and are fully incorporated herein by reference. 

Field of the Invention 



from a storage device and, more particularly, to a system having a user station 
20 with a data file system separate from an application program for selectively 
receiving decryption keyes from a remote server to retrieve secured data from 
a storage device. 

Background of the Invention 
25 Traditional methods of product distribution within the retail software 

business generally involve the retailer having to purchase up-front inventories 
of each product before actual market demand can be determined. Moreover, 
retailers inevitably face the "80/20" rule - unless you have the 80% of 



The invention relates generally to a system for retrieving secured data 
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inventory in stock which rarely sells, you won't have the opportunity to sell the 
20% which does sell frequently. The only alternative previously available to 
retailers was to arrange a consignment inventory with the supplier. 
Consignment, however, does not resolve "out-of-stock" items, space 
5 requirements, or inventory management issues. Consignment inventory also 
bears a large up-front cost for suppliers. 

These factors, combined with increased competition from superstores, 
declining retail prices, and the perceived threat of the Internet as a convenient 
mechanism to purchase a wide assortment of software products, make 

10 traditional methods of software distribution highly inefficient in today's market 
environment. Therefore, there is a need for retailers to be able to produce 
software products "on-demand* as the items are needed. One such solution 
is a system for retrieving secured data from a storage device. 

In a conventional system for retrieving secured data from a storage 

15 device, the storage device may be located remotely from the retailer's user 
station over, e.g., a local area network (LAN) or a wide area network (WAN) or 
be located at the user station from, e.g., a CD-ROM. 

In systems where the storage device is at the user station, the user's 
access to the secured data from the storage device needs to be regulated. For 

20 example, in a hardware based system developed by Infosafe Systems, Inc., 
such regulation is accomplished by a metering chip that comprises all of the 
decryption keys to unlock the desired secured data from a CD-ROM. 
Essentially, a SCSI (small computer system interface) device, acting as an 
external hard drive and connected to the user station, includes the metering 
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chip having the decryption keys. The selected secured data is decrypted with 
a corresponding decryption key, while the user's order is simultaneously written 
and stored in the flash memory of the SCSI device. However, for the 
distributor to monitor each user station's usage (for billing purposes), every user 
5 station must be polled on a regular bases, e.g., daily, to capture the data stored 
in each SCSI device and subsequently purge the flash memory. This system 
has the disadvantage in that the distributor must poll each user station having 
the metering chip which is extremely time consuming, if not unrealistic, when 
the amount of user stations are in the thousands. 

10 In another hardware based system by Wave Systems Corp., another 

metering chip that comprises all of the decryption keys to unlock the desired 
secured data from a CD-ROM has been developed. However, unlike the system 
by Infosafe, the metering chip is not located in an external SCSI device but in 
the motherboard of the user station. This system has the same disadvantage 

15 in that the distributor must poll each user station having the metering chip. 
Further, any PC or Macintosh based user station would require that the 
motherboard be manufactured with the metering chip. This has the inherent 
disadvantages of taking up valuable real estate, i.e. space, on the motherboard, 
adding a significant cost to new computers, and difficult to service if there is 

20 a problem with the chip. 

In another secured data delivery system, developed by the assignee of 
this application, a combined hardware and software system has been produced. 
In this system, a retailer is supplied with a CD-ROM having encrypted software 
products stored thereon, and an application program (hereinafter an 
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"Application") including the product information corresponding to the encrypted 
software products and a decryption algorithm capable of taking partial 
decryption keys, supplied transparently from a remote server, to generate 
corresponding full decryption keys to decrypt the selected software products 
5 from the CD-ROM. 

However, in this system, since product data information is encrypted and 
incorporated into the Application program, a new Application is needed any 
time there is a change to the available products or when additional products or 
manufacturers are offered. Further, the Application risks becoming "bloated" 

10 with data and would require more memory to run as the number of products 
and manufacturers increases with time. Additionally, this system does not 
contemplate having a retailer sell CD-ROMs and Application software to 
customers, while being able to monitor the consumer's use by having the user 
connect to the retailer for decryption keys. Furthermore, this system requires 

1 5 that the retailer contact the server to receive the decryption keys every time the 
retailer produces a software product. 

It is therefore an object of the present invention to overcome the 
disadvantages of the prior art. 

20 Summary of the Invention 

This and other objects are realized by an inventive system and method 
of retrieving secured electronic information stored in at least one storage 
device, where each storage device is at least partially encrypted and is coupled 
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to a user station. The user station may be used by a retailer, a consumer, and 
the like. 

In one embodiment, each user station is coupled to at least one storage 
device, such as a CD-ROM. Each station has a processor responsive to a data 
5 file system and to a separate Application program. The data file system 
includes at least one database file, each comprising data corresponding to a 
respective software product. 

The processor, responsive to the Application program, receives the data 
from the database file that corresponds to a user selected software product, 
10 requests a decryption key from a remote network server based at least on the 
user selected software product data from the database files, and processes the 
requested decryption key that is selectively received from the server for 
decrypting the selected software product from the storage device. 

In another embodiment, an end-user station is coupled to at least one 
15 storage device, such as a CD-ROM, where each station has unique serial 
number and a processor that is responsive to an Application program stored 
therein. The user can select a software product to decrypt upon receipt of a 
corresponding decryption key. 

A remote vendor station, having a unique password, is selectively 
20 coupled to the end-user station, via a network, to receive a request for the 
decryption key corresponding to the selected software product. Further, the 
vendor station receives the serial number from the end-user station. 



5 



# * 

WO 98/16033 PCT/US97/18164 

A remote server is connected to the vendor station, via a network, when 
the password transmitted from the vendor station is validated. The server 
receives a request for the decryption key corresponding to the transmitted 
selected software product and the end-user serial number. The server then 
5 generates and transmits the decryption key to the vendor station based on the 
selected software product and the serial number. Thereafter, the vendor station 
transmits the decryption key to the end-user station, so that the end-user 
Application program can decrypt the selected software product based on the 
received decryption key. 

10 In yet another embodiment, each user station (vendor or consumer) is 

coupled to at least one storage device, such as a CD-ROM, having at least one 
electronic database file stored therein. At least one of the database files stores 
numerous decryption keys, each key corresponding to decrypting a 
predetermined data portion of the secured electronic information. 

1 5 Further, a metering device is coupled to each user station. When the 

metering device is valid, each respective user station is able to retrieve 
decryption keys from the corresponding database file for use in decrypting the 
corresponding selected data portion. In addition, a server that is selectably 
connected to each user station across a network controls whether the metering 

20 device is valid and operable so as to permit or deny the user station to retrieve 
the corresponding decryption keys. 
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Brief Description of the Drawing 

The following detailed description, given by way of example and not 
intended to limit the present invention solely thereto, will best be understood 
in conjunction with the accompanying drawings in which: 
5 FIG 1 is a diagram schematically illustrating a three-tier network having 

a server connected to a first group of user stations, where a station in the first 
group is connected to a second group of user stations, in accordance with the 
present invention. 

FIG 2 shows an example of a user station of FIG 1 , in accordance with 
10 the present invention. 

FIGs 3A-3D is a flow chart showing the steps for decrypting selected 
software products from one of a plurality of CD-ROMs connected to a user 
station from the first group of stations, in accordance with the present 
invention. 

15 FIGs 4A-4D is a flow chart showing the steps for decrypting selected 

software products from one of a plurality of CD-ROMs connected to a user 
station from the second group of stations, in accordance with the present 
invention. 

FIGs 5A-5D is a flow chart showing the steps for decrypting selected 
20 software products from one of a plurality of CD-ROMs connected to a user 
station from the first group of stations having a metering device, in accordance 
with the present invention. 
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Detailed Description of the Invention 

The preferred embodiments of the present invention all relate to a system 
where a retailer or a consumer may access software products from a storage 
device, such as a CD-ROM, that is coupled to the retailer or consumer user 
5 station or computer. Each software product on, e.g., a CD-ROM, has been 

secured by an encryption technique so that the retailer or consumer may access 

I* 

any encrypted software product upon receipt of a decryption key. 

For example, in one embodiment, every time the retailer or consumer 
wants to decrypt a software product, the retailer or consumer user station must 

10 link up with a remote server. The server will first ascertain that the station may 
access such decryption keys through, e.g., passwords and external serial 
numbers. Once the connection is validated, the server may generate the 
desired decryption key, based on, e.g., the software product item number, an 
internal serial number (not known to the retailer or consumer) and a purchase 

15 code. 

For added security, the decryption key generated by the server is 
preferably only a partial decryption key. Thus, if the decryption key required to 
unlock an encrypted product is 56 bits long, a partial key may simply be a 
portion thereof. The retailer or consumer user station, having an Application 
20 program, generates the full 56 bit decryption key. If the station is a retailer 
station, the retailer typically will decrypt and write a product onto an end-user 
media of choice, such as a floppy disk. 
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In another embodiment, the retailer or consumer user station has a 
metering device or "dongle" attached thereto for monitoring and selectively 
preventing access to decryption keys that are stored, not in a remote server, 
but in a known path to the Application in each station. In this case, the dongle 
5 will only permit a predetermined amount of products to be decrypted, an 
unlimited amount of products but for a predetermined amount of time, a 
predetermined monetary amount, or any other preset criteria. Once the preset 
criteria has expired, the retailer or consumer must link up with the remote 
server for revalidation. 

1 0 As seen in FIG 1 , a network 1 0 is illustrated having a server 1 5 that may 

be directly connected to a plurality of stations 16, 17, 18, 19 and 20 of first 
station group 12. Server 15 may be a conventional computer having PC DOS 
or Windows®, Macintosh®, UNIX or other OS (operating system) platform or a 
specialized server such as an exemplary Sun® Server. Server 15 may be 

1 5 connected to any station in station group 12, and vice-versa, by, for example, 
a typical modem link or LAN/WAN connection. A station may also be a 
conventional computer having any platform. Although only five stations in 
station group 1 2 are shown, it should be understood that there is substantially 
no limit to the amount of stations connected to server 15. 

20 FIG 1 also shows a second station group 14 that includes stations 24, 

25, 26, 27 and 28. As with station group 1 2, additional stations can be added 
to group 14. As shown, station 1 7 may be connected to each station in group 
14. Additionally, every station in first station group 12 may be connected to 
stations in second station group 14 or other station groups (not shown). 



9 



WO 98/16033 PCT/US97/18164 

Further, stations from the first station group may communicate with stations 
from the second station group, and vice versa, without being physically 
connected via a modem link or LAN, but by facsimile machines and the like, 
external to each station. 

As stated, stations 16-20 and 24-28 are typical computer systems, 
preferably PC or Macintosh® based. FIG 2 illustrates a conventional computer 
station which includes a computer housing 40, a monitor 32 and a keyboard 
46. Housing 40 comprises a modem jack 36, a hard drive 34, a floppy disk 
drive 42 and a CD-ROM drive 44. Of course, a station may include additional 
or less hardware as desired. Connecting housing 40 with keyboard 46 is a 
metering device or dongle 50 which, as will be described hereinlater, may 
prevent a station user from decrypting secured data from a storage device, such 
as a CD-ROM. It should be noted that the dongle may be connected to any 
external or internal station port (not shown), as well. A printer 48 may also be 
included for printing out, among other things, software manuals and disk labels. 

Prior to decrypting any software products, each station preferably has 
specialized software for installing an Application program and a data file 
system, such as a directory, although the directory may be included in the 
Application program, if desired. The directory includes separate database or 
resource files and universal files. In short, the database/resource files include 
each software manufacturers or foundries name and corresponding software 
product name, so that when the Application program is launched, the station 
will dynamically build menus that include each manufacturer and a list of each 
corresponding software product. Further, the database files include trademark 
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information for each manufacturer, and the correct path for each software 
product, i.e. on which CD-ROM. Since the database files are preferably 
separate from the Application program (although the Application program 
retrieves the data from the database files), it is relatively easy to upgrade or 
5 limit the amount of manufacturers available on each station. 

The universal files in the directory link together necessary products that 
are required for each selected manufacturer product. For example, if a user 
selects a software product from a specific manufacturer, three additional 
products may need to be retrieved for the selected product to work. Also, 
10 depending on the platform of the station (PC, Macintosh, etc.) certain programs 
must be linked with the selected product. For example, if the station has a 
Macintosh platform and requires a specific utility to run the selected software 
product. 

The Application program performs the majority of the functions for the 
15 station when decrypting software products. Among its functions are 
dynamically building manufacturer and software item menus, linking with the 
server or other stations, generating full decryption keys from partial keys, 
accessing the selected software product from one of a plurality of CD-ROMs, 
performing the decryption algorithms of the selected products for storage on, 
20 e.g. the hard drive or a floppy disk (or any high density storage medium), and 
queuing an attached printer to print out software manuals, labels for the floppy 
disks, and the like. 
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The software products, stored on the CD-ROMs, are preferably encrypted 
in the following manner. Each unsecured product is first encrypted by a 
conventional encrypting process using a unique corresponding encryption key. 
Thereafter, each encrypted product is decrypted using a unique phantom key. 
5 A phantom key is any random key so long as it is not the same as the unique 
encryption key. Each phantom decrypted product is then written to a 
corresponding CD-ROM. This scheme of first encrypting and then decrypting 
with a phantom key ensures that the software products on the CD-ROMs are 
virtually unbreakable without having both the phantom key and the encryption 
10 key. It has been estimated that it would take a Cray supercomputer 
approximately five years of non-stop processing to break the key codes for each 
software product. Of course, any encryption scheme will work with this 
invention as well. 



1 5 software products from a plurality of CD-ROMs from a retailer or consumer 
station (in station group 12), where a partial decryption key, for each selected 
product, is generated from the remote server. 

At step 60, the retailer or consumer user station is powered on and the 
Application program is launched. For example, on a Windows based operating 

20 system, the user would "click-on" the Application icon. At step 62, once the 
Application is launched, it checks that all of the necessary files from the 
directory are present. If not, an error message is flashed on the monitor and, 
upon user confirmation, the Application is terminated at step 64, Assuming 
that all files are present, at step 66, the Application will read the available 



FIGs 3A-D is a flow chart showing the steps for decrypting selected 



12 




WO 98/16033 PCT/US97/18164 

database files and include the contents of these files in dynamically built 
menus. An example of a dynamically built menu would be a list of 
manufacturer and corresponding product menus. 

At step 68, the station is idle while it waits for a user input. At step 70, 
5 the user will select the software product item or items that need to be 
decrypted and optionally written on a storage device. The user may select the 
desired item via SKU numbers, actual product names, scrolling lists or other 
criteria depending on the product. At step 72, the Application searches in the 
database files for the selected item. If, however, the item was selected from 
10 a scrolling list {a list created from the menus built from the database files), then 
the user selected an item directly from the database and therefore, a search is 
not necessary. Step 74 indicates that the selected items were found. If not, 
step 76 will alert the user and return to step 70, 

Assuming that the item is found, the selected item will be added to an 
1 5 Order Detail screen that includes other selected items, if any, at step 78. In the 
Order Detail screen, the user can select some or all of the selected items for 
decrypting and manufacture; Step 80 inquires if the user wants to select more 
product items. If yes, then the user returns to step 72, while if no, the user 
initiates the request for decryption keys to decrypt each selected item, at step 
20 82, by, e.g., clicking a Request icon. 

At step 84, a registration data entry screen that includes a space to enter 
in the customer's name, address, and the like appears. This feature enables the 
retailer or the consumer himself to register the user of the selected software 
. product with the manufacturer, so that the user can receive additional 
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information regarding updates, etc. Further, this enables the retailer to build a 
customer database of software purchasers simultaneously. At step 86, the 
Application ensures that all fields in the registration data entry are populated. 
If not, the user optionally is returned to step 84. 
5 At step 88, the Application will request the station user's name and a 

pre-assigned password which will be subsequently transmitted to the server at 
step 90. At this step, the Application wilt preferably automatically dial a 
predetermined phone number to connect to the remote server. To avoid 
anticipated traffic of several stations trying to connect to the server 
10 simultaneously, conventional network solutions can be implemented if a server 
is on a LAN. 

At step 92, in the event of a busy signal, the Application will continue 
dialing periodically until a connection is made or the user terminates the 
process. At step 94, connection to the server is made. At step 96, the server 

15 will initiate a series of requests for data to determine if the station is qualified 
to "Login" to the server. Some of the criteria include the station name, a 
password, and the external serial number. At step 98, if access to the server 
is denied, the modem connection is terminated by, e.g., an ATF command, at 
step 100. If access is granted, step 102 transfers the Order Detail and 

20 registration data entry information to the server. The server may store this 
information for future billing and royalty reporting purposes. Further, in this 
step, the product item number, the external serial number, and a purchase 
code, among others, is supplied to the server. The purchase code is a code 
generated by the Application that is not dependent on the selected product item 
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but based on the internal serial number of the Application. Based upon the 
supplied information, the server generates partial decryption keys to be 
transmitted to the requesting station. 

At step 104, the partial decryption keys are transmitted transparently to 
5 the Application via the modem. This partial decryption key is invisible to the 
user and is only used internally to generate the full decryption keys in step 106. 
At step 1 06, the Application generates the full decryption keys that will decrypt 
the selected software product. This is achieved, e.g., by using a private key 
encryption/decryption scheme. The full decryption keys are preferably 56 bit 

10 keys using the multi-level encryption scheme previously discussed. For 
example, since only portions of the decryption keys are sent, there is little risk 
of a security breach since the balance of the decryption key that needs to be 
used is calculated "on-the-fly" by the Application. 

At step 1 08, the Application queries whether there are any items to print. 

1 5 That is, if the product requires labels or documentation, the Application will 
generate these documents locally at the station's printer. The labels are for the 
floppy disks and casing which will be manufactured, if desired, for the 
decrypted software products. The labels and documentation may or may not 
be encrypted in the database or CD-ROM, depending on the manufacturer's 

20 specifications. If there are items to print, the printing routines are initialized at 
step 110. Once the items are printed, the user will have the opportunity to 
check the documents for printing flaws, at step 112, and if necessary reprint 
the documentation back at step 110. If the documentation is error free, or if 
the user chooses not to print any items, the encrypted CD-ROM volume is 

15 
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determined at step 114. The path to the correct CD-ROM that contains the 
selected encrypted product is stored in the corresponding database file. 
Preferably, a dialog box will appear requesting that the user mounts the 
appropriate CD-ROM for the item or items that need processing. In the event 
5 that the order contains items that are located on multiple CD-ROMs, the 
Application will process the first item, then request that a new CD-ROM be 
mounted, and proceed with processing that item. 

At step 116, the Application checks to make sure that the CD-ROM 
mounted is the correct one. If not, at step 118 the Application requests for the 

1 0 correct CD-ROM and at step 1 20, the user may change to the correct CD-ROM. 
If it is still not correct, the process returns to step 1 1 8; however, if the CD- 
ROM is now correct the process proceeds to step 122 where it is determined 
whether the selected item is found on the corrected CD-ROM. If not, the CD- 
ROM is likely outdated and an error message will appear which terminates the 

15 order. 

Once the item is found, the process proceeds to step 1 26 where the full 
generated decryption keys are used to decrypt the selected items from the 
Order Detail. These keys are then immediately discarded by the Application and 
thus cannot be used again. This occurs since the keys that are generated may 
20 only exist one time for a single order. The keys that are generated in the future 
to decrypt the same item will be completely different. Thus, the full decryption 
keys are only temporarily stored in a RAM (random access memory) until the 
item is decrypted and then discarded. At step 128, the decrypted items are 
checked by the Application in a process called "Checksum" to insure the 
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integrity of the data. In the event of a Checksum error, the order will be 
terminated at step 130. In this case, it is most likely that the internal serial 
number in the Application has been set incorrectly or that the installation 
procedures were not correctly followed. 



temporarily stored in the station memory. If the station user is a consumer, the 
product may be stored on the hard drive of the station. Alternatively or in 
addition to, the consumer may also write the decrypted product to a blank 
floppy disk. On the other hand, if the user station is from a retailer, the product 

10 may only be stored temporarily in the RAM as was the decryption key. At step 
132, the Application will request a media type to be mounted. Preferably, the 
media is a floppy disk which is specially serialized. If the Application requires 
that the floppy disks be specially serialized, then the specialized disks must be 
supplied to the user since no other media will work with the system. This 

15 procedure is to ensure quality control and maintain a control over the amount 
of products that can be decrypted per retailer and consumer station. 

At step 134, the Application determines whether the media are the 
correct type and formatted for the correct platform. Additionally, the 
Application "flags" the media once it is mounted so it cannot be used again. 

20 If the media does not meet these criteria, the media will be rejected, and a 
request will be made of the user to mount valid media back at step 132. 
Assuming that the media is correct, the product items are copied to the media 
at step 136. 



5 



At this point, the selected product item has been decrypted and is 
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At step 1 38, the Application determines whether the media is filled to 
capacity or require decryption from multiple CD-ROMs. If the order is not 
complete, the process is returned to step 132. If the order is complete, the 
Application will return to the Order Detail screen at step 1 40. At step 144, the 
5 order screen is cleared and the Application is ready for the next order to be 
processed through the system. At step 146, the station is idle waiting for the 
user to initiate the next selected item, if any. Lastly, at step 148, the process 
is ended. 



10 selected software products from a plurality of CD-ROMs from the consumer 
station. In this embodiment, the consumer preferably goes through the retailer, 
where the consumer purchased the software and CD-ROMs, to receive the 
partial decryption keys, as desired. The retailer, in turn, connects to the server 
for the partial decryption keys and once received, subsequently transmits on 

15 . line or by facsimile to the consumer. 

Steps 300 to 320 are essentially identical to steps 60 to 80 of FIG 3A 
and therefore will not be redescribed. At step 322, the consumer user will 
contact the retailer, where he purchased the Application program, for the partial 
decryption keys. The user may contact the retailer by telephone or facsimile 

20 to request the partial decryption key for the selected software product, or may 
contact the retailer via other networks, such as a modem. The information 
supplied to the retailer include the product item number, the purchase number 
and an external serial number that was supplied with the Application program. 



FIGS 4A-D is a flow chart showing the steps for a consumer decrypting 
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At step 324, the retailer initiates a request for the partial decryption keys from 
the remote server. 

Steps 326 to 340 are substantially the same as steps 84 to 94 and 102 
to 104 of Figs 3A-B, and therefore will not be redescribed. At step 342, the 
5 retailer transmits by modem, facsimile or telephone a partial decryption key, 
which is preferably 9 bits in length. At step 344, the consumer user enters the 
9 bit partial decryption key into the Application to internally generate the full 56 
bit decryption key to decrypt the selected product item. 

Steps 346 to 368 are essentially the same as steps 108 to 130 of FIG 
10 3C and therefore will not be redescribed. At step 370, the Application 
preferably moves the decrypted software product from the CD-ROM to the 
recepticle directory. If a directory path is not located, an error message will 
flash so that the user may create a proper directory at step 372. At step 374, 
the decrypted product items are copied to the directory on the consumer's hard 
15 drive. Steps 376 to 382 are essentially the same as steps 140 to 148 of FIG 
3D, and therefore, will not be described. 

FIGS 5A-D is a flow chart showing the steps for decrypting selected 
software products from a plurality of CD-ROMs from a retailer or consumer 
station (in station group 12), where the partial decryption keys are generated 
20 from the station itself. In this embodiment, a dongle 50 is utilized to monitor 
the amount of items decrypted, as previously described. The partial decryption 
keys are located in a "resource" file which is one of the database files in the 
directory. 
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Steps 200 to 206 are essentially the same as steps 60 to 66 of FIG 3A 
and therefore will not be redescribed. At step 208, the Application verifies that 
it is set to require a hardware dongle. Further, the Application checks that 
there is an resource file. If the Application is not set to receive the dongle or 
5 if the resource file is not present, then at step 210, the process may proceed 
to step 68 of FIGS 3A-D, or else terminate. 

At step 212, the Application verifies that the bus, preferably a Processor 
Direct Bus, is connected to the dongle. At step 214, if there is no dongle, an 
error message is generated and the Application is flagged or terminated, at step 
10 216. At step 218, the Application verifies that the dongle is set specifically for 
the Application. At step 220, an error message is generated and the 
Application is terminated if the dongle failed the verification. 

At step 222, a dialog box appears on the monitor informing the user that 
the dongle has an expiration date approaching in X number of days, in X 
15 number of additional manufacturing sessions, by X number of dollars, and/or 
any other criteria, as desired. At step 224, if either limits are expiring, the user 
can initiate a revalidation process at step 226. Preferably, the dongle is 
revalidated on line by the remote server at the server's discretion at step 228. 
Once the dongle is revalidated the process returns to step 200 and the user 
20 may begin again. 

If the use limit was not running out or expired, at step 230 the user may 
determine that it is premature to initiate the revalidation process and instead 
elects to proceed with the manufacturing process. 
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Steps 232 to 252 are essentially the same as steps 68 to 88 of FIGS 3A- 
B and therefore will not be redescribed. Additionally, steps 254-258 are 
essentially the same as steps 96-100 of FIG 3B and will also not be 
redescribed. 

At step 260, in the event that access is granted, the order detail and the 
customer's registration information will be written to a preferably DES 
encrypted database file where it will be stored for future billing and royalty 
reporting purposes. For example, every time that the user goes on line with the 
server to revalidate the dongle (at step 228) the server will automatically 
retrieve the data from the DES resource file. At step 262, the partial decryption 
keys are retrieved from the resource file. At step 264, the dongle is updated 
indicating that an additional use has procured. 

Steps 266 to the end at step 299 are essentially the same as steps 106 
to 144 of Figs 3B-D and therefore will not be redescribed. 

While several embodiments have been chosen to illustrate the invention, 
it will be understood by those skilled in the art that various changes and 
modifications can be made herein without departing from the scope of the 
invention as defined in the appended claims. 
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Claims 



The claimed invention is: 

1 . A system for retrieving a plurality of secured electronic information 
stored in at least one storage device, each being at least partially encrypted, 
5 and each of said plurality of secured electronic information being a software 
product, comprising: 

at least one user station coupled to said at least one storage device, each 
having a processor responsive to a data file system and to a separate 
application program stored in said user station, 
1 0 said data file system including at least one database file, each comprising 

data corresponding to a respective one of said plurality of software products, 
wherein said processor, responsive to said application program, 

receives said data from said database file that corresponds to a 
user selected software product, 
1 5 requests a decryption key from a remote network server based at 

least on the user selected software product data from said database files, and 



said server, for decrypting said selected software product from said at least one 
storage device. 



2. The system of claim 1 r wherein each said decryption key that is 
requested and processed by said processor, responsive to said application 
program, is a partial decryption key, and wherein said processor generates a 



processes the requested decryption key, selectively received from 



20 



22 




WO 98/16033 PCT/US97/18164 
corresponding full decryption key, for decrypting said selected software product 
from said at least one storage device, based on said partial decryption key. 

3. The system of claim 2, wherein said generated full decryption key 
5 is stored in said user station only until said selected software product is 

decrypted. 

4. The system of claim 2, wherein each of said software products 
being previously encrypted on said at least one storage device by first 

10 encrypting each unsecured software product using a unique corresponding 
encryption key and subsequently decrypting the encrypted product using a 
unique phantom key, so that to decrypt each software product, each said full 
decryption key must correspond to said unique phantom key to encrypt said 
product and to said unique corresponding encryption key to decrypt the 

1 5 phantom encrypted product. 

5. The system of claim 1, wherein each of said data corresponding 
to a respective software product includes at least one of the product 
manufacturer's name and trademarks, the location of said software product on 

20 said storage device, the platform type that will utilize said software product, 
and other software products relating thereto. 

6. The system of claim 5, wherein said platform type is one of PC, 
Macintosh and UNIX based. 
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7. The system of claim 1, wherein said data file system further 
includes a plurality of universal files corresponding to one of a predetermined 
group or the entirety of said software products, wherein said processor, 
responsive to said application program, receives the data from the 

5 corresponding universal file. 

8. The system of claim 7, wherein said data from said corresponding 
universal file includes verification to receive other necessary software products 
for said at least one storage device corresponding to the user selected software 

10 product. 

9. The system of claim 2, wherein said application program includes 
an encrypted serial number stored therein which must be supplied to said 
server, with said data corresponding to a respective software product, to 

1 5 receive said partial decryption key, such that said server will not transmit said 
partial decryption key if any of said serial number, said data corresponding to 
a respective software product, and optionally a user password is determined to 
be invalid by said server. 

20 10. The system of claim 1, wherein the decrypted selected software 

product is written to a storage medium. 

1 1 . The system of claim 1 0, wherein said processor, responsive to said 
application program, verifies that said storage medium includes a predetermined 
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data code, otherwise said decrypted software product is lost and not written 
to said storage medium. 

12. The system of claim 1 1 , wherein said storage medium is a floppy 



13. The system of claim 1, wherein each of said at least one storage 
device is a CD-Rom. 



stored in at least one storage device, each being at least partially encrypted, 
and each of said plurality of secured electronic information being a software 
product, comprising the steps of: 

selecting one of said software products for decryption through an 
15 application program stored in a user station, said user station having a 
processor responsive to said application program and to a separate data file 
system, said data file system including at least one database file, each 
comprising data corresponding to a respective one of said plurality of software 
products; 

20 supplying said data regarding the corresponding selected product from 

• said database files to said application program; 

requesting, by said processor responsive to said application program, a 
decryption key from a remote network server based at least on said data from 
said database files; 



5 disk. 



10 



14. A method for retrieving a plurality of secured electronic information 
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selectively receiving said decryption key from said server to said 

processor responsive to said application program; and 

decrypting said selected software product from said at least one storage 

device based on said decryption key. 

5 

15. The method of claim 14, wherein each said decryption key is a 
partial decryption key. 

1 6. The method of claim 1 4, further comprising the step of processing 
1 0 the partial decryption key received from said server to generate a full decryption 

key, wherein said step of encrypting decrypts said selected software product 
based on said full decryption key. 

1 7. The method of claim 1 6, further comprising the step of storing said 
15 full decryption key only until said selected software is decrypted. 

1 8. The method of claim 1 6, wherein each said software product being 
previously encrypted on said at least one storage device by the steps of: 

encrypting each unsecured software product using a unique 
20 corresponding encryption key, and 

subsequently decrypting each encrypted product using a unique phantom 

key. 
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19. The method of claim 18, wherein said step of decrypting said 
selected software product comprises the steps of: 

encrypting said selected software product based on said unique phantom 
key, and 

5 decrypting the phantom encrypted product based on said unique 

corresponding encryption key, 

wherein said phantom and corresponding encryption key is based on said 
generated full decryption key. 

1 0 20. The method of claim 1 4, wherein each of said data corresponding 

to a respective software product includes at least one of the product 
manufacturer's name and trademarks, the location of said software product on 
said storage device, the platform type that will utilize said software product, 
and other software products relating thereto. 

15 

21 . The method of claim 20, wherein said platform type is one of PC, 
Macintosh and UNIX based. 

22. The method of claim 14, wherein said data file system further 
20 includes a plurality of universal files corresponding to one of a predetermined 

group or the entirety of said software products. 
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23. The method of claim 22, further comprising the step of selectively 
retrieving said predetermined group or said entirety of software products from 
said at least one storage device when said selected software product 
corresponds to one of said plurality of universal file. 

5 

24. The system of claim 16, wherein said step of requesting said 
decryption key from said server is further based on an encrypted serial number, 
stored in said application program, such that said server will not transmit said 
partial decryption key if any of said serial number, said data corresponding to 

10 a respective software product, and optionally a user password is determined to 
be invalid by said server. 

25. The method of claim 1 4, further comprising the step of writing the 
decrypted selected software product to a storage medium. 

15 

26. The method of claim 25, further comprises the steps of: 
verifying that said storage medium includes a predetermined data code; 
destroying said decrypted software product without writing to said 

storage medium if such verification fails, and 
20 writing said decrypted software product to said storage medium if such 

verification passes. 

The method of claim 26, wherein said storage medium is a floppy 

28 
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28. The system of claim 1 4, wherein each of said at least one storage 
device is a CD-Rom. 
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